Protecting sensitive customer data in cloud based Multi-Tenant environment RRS feed

  • Question

  • Hello All,

    We are building a multi-tenant cloud-based web product where customer data is stored in single Database instance. There are certain portion of customer specific business data which is highly sensitive. The sensitive business data should be protected such that nobody can access it except the authorized users of the customer (neither through application not through accessing Database directly). Customer want to make sure even the platform provider(us) is not able to access specific data by any means. They want us to clearly demonstrate Data security in this context. I am looking for specific guidance in the following areas:

    1. How to I make sure the data is protected at Database level such that even the platform provider cannot access the data.
    2. Even if we encrypt the Data, the concern is that anyone with the encryption key can decrypt the data
    3. What is the best way to solve this problem?

    Appreciate your feedback.

    Wednesday, June 27, 2018 4:07 AM